分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2017-12-14 19:30:33 | 2017-12-14 19:33:03 | 150 秒 |
魔盾分数
0.0
正常的
文件详细信息
| 文件名 | XSecAntivirus_Main.exe |
|---|---|
| 文件大小 | 288768 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) system file, for MS Windows |
| MD5 | bd58bbe70eda39d0df1f622b95c1ddb6 |
| SHA1 | 5c23e1e4c5522b1591ef997b05aa8ca11cbf69ff |
| SHA256 | 4068ba7378ad1aae24f32beb163d238def10a08f6de3d4dfe10da2338625a81c |
| SHA512 | a7fcea26ba61f4b92330ee742a07f2df185044b822fd8df5e69c72d3de16b4ee19379b5f11d78ff2f4822a33c7f5a13e767f983a74ba0c5f11b90834b81e492c |
| CRC32 | 31F8CC2B |
| Ssdeep | 6144:oPQ8Y6Nne0O4xWKoHmR18MisC/4/pFWnc7:eYoVO4xWK/R18MpL |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0040c5a2 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0004a89d |
| 最低操作系统版本要求 | 5.1 |
| PDB路径 | E:\\xe6\x88\x91\xe7\x9a\x84\xe6\x96\x87\xe6\xa1\xa3\Visual Studio 2015\Projects\XSec_Antivirus\Release\XSecAntivirus_Main.pdb |
| 编译时间 | 2017-10-02 14:01:30 |
| 载入哈希 | 15321166c43c53b2e0a6318e5a605d56 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0000cf67 | 0x0000d000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.36 |
| .rdata | 0x0000e000 | 0x00007188 | 0x00007200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.13 |
| .data | 0x00016000 | 0x00001360 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.32 |
| .gfids | 0x00018000 | 0x00000040 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.34 |
| .tls | 0x00019000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.02 |
| .rsrc | 0x0001a000 | 0x0002f9e0 | 0x0002fa00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.06 |
| .reloc | 0x0004a000 | 0x00001cb0 | 0x00001e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.48 |
导入
库: mfc140u.dll:
• 0x40e3a8 None
• 0x40e3ac None
• 0x40e3b0 None
• 0x40e3b4 None
• 0x40e3b8 None
• 0x40e3bc None
• 0x40e3c0 None
• 0x40e3c4 None
• 0x40e3c8 None
• 0x40e3cc None
• 0x40e3d0 None
• 0x40e3d4 None
• 0x40e3d8 None
• 0x40e3dc None
• 0x40e3e0 None
• 0x40e3e4 None
• 0x40e3e8 None
• 0x40e3ec None
• 0x40e3f0 None
• 0x40e3f4 None
• 0x40e3f8 None
• 0x40e3fc None
• 0x40e400 None
• 0x40e404 None
• 0x40e408 None
• 0x40e40c None
• 0x40e410 None
• 0x40e414 None
• 0x40e418 None
• 0x40e41c None
• 0x40e420 None
• 0x40e424 None
• 0x40e428 None
• 0x40e42c None
• 0x40e430 None
• 0x40e434 None
• 0x40e438 None
• 0x40e43c None
• 0x40e440 None
• 0x40e444 None
• 0x40e448 None
• 0x40e44c None
• 0x40e450 None
• 0x40e454 None
• 0x40e458 None
• 0x40e45c None
• 0x40e460 None
• 0x40e464 None
• 0x40e468 None
• 0x40e46c None
• 0x40e470 None
• 0x40e474 None
• 0x40e478 None
• 0x40e47c None
• 0x40e480 None
• 0x40e484 None
• 0x40e488 None
• 0x40e48c None
• 0x40e490 None
• 0x40e494 None
• 0x40e498 None
• 0x40e49c None
• 0x40e4a0 None
• 0x40e4a4 None
• 0x40e4a8 None
• 0x40e4ac None
• 0x40e4b0 None
• 0x40e4b4 None
• 0x40e4b8 None
• 0x40e4bc None
• 0x40e4c0 None
• 0x40e4c4 None
• 0x40e4c8 None
• 0x40e4cc None
• 0x40e4d0 None
• 0x40e4d4 None
• 0x40e4d8 None
• 0x40e4dc None
• 0x40e4e0 None
• 0x40e4e4 None
• 0x40e4e8 None
• 0x40e4ec None
• 0x40e4f0 None
• 0x40e4f4 None
• 0x40e4f8 None
• 0x40e4fc None
• 0x40e500 None
• 0x40e504 None
• 0x40e508 None
• 0x40e50c None
• 0x40e510 None
• 0x40e514 None
• 0x40e518 None
• 0x40e51c None
• 0x40e520 None
• 0x40e524 None
• 0x40e528 None
• 0x40e52c None
• 0x40e530 None
• 0x40e534 None
• 0x40e538 None
• 0x40e53c None
• 0x40e540 None
• 0x40e544 None
• 0x40e548 None
• 0x40e54c None
• 0x40e550 None
• 0x40e554 None
• 0x40e558 None
• 0x40e55c None
• 0x40e560 None
• 0x40e564 None
• 0x40e568 None
• 0x40e56c None
• 0x40e570 None
• 0x40e574 None
• 0x40e578 None
• 0x40e57c None
• 0x40e580 None
• 0x40e584 None
• 0x40e588 None
• 0x40e58c None
• 0x40e590 None
• 0x40e594 None
• 0x40e598 None
• 0x40e59c None
• 0x40e5a0 None
• 0x40e5a4 None
• 0x40e5a8 None
• 0x40e5ac None
• 0x40e5b0 None
• 0x40e5b4 None
• 0x40e5b8 None
• 0x40e5bc None
• 0x40e5c0 None
• 0x40e5c4 None
• 0x40e5c8 None
• 0x40e5cc None
• 0x40e5d0 None
• 0x40e5d4 None
• 0x40e5d8 None
• 0x40e5dc None
• 0x40e5e0 None
• 0x40e5e4 None
• 0x40e5e8 None
• 0x40e5ec None
• 0x40e5f0 None
• 0x40e5f4 None
• 0x40e5f8 None
• 0x40e5fc None
• 0x40e600 None
• 0x40e604 None
• 0x40e608 None
• 0x40e60c None
• 0x40e610 None
• 0x40e614 None
• 0x40e618 None
• 0x40e61c None
• 0x40e620 None
• 0x40e624 None
• 0x40e628 None
• 0x40e62c None
• 0x40e630 None
• 0x40e634 None
• 0x40e638 None
• 0x40e63c None
• 0x40e640 None
• 0x40e644 None
• 0x40e648 None
• 0x40e64c None
• 0x40e650 None
• 0x40e654 None
• 0x40e658 None
• 0x40e65c None
• 0x40e660 None
• 0x40e664 None
• 0x40e668 None
• 0x40e66c None
• 0x40e670 None
• 0x40e674 None
• 0x40e678 None
• 0x40e67c None
• 0x40e680 None
• 0x40e684 None
• 0x40e688 None
• 0x40e68c None
• 0x40e690 None
• 0x40e694 None
• 0x40e698 None
• 0x40e69c None
• 0x40e6a0 None
• 0x40e6a4 None
• 0x40e6a8 None
• 0x40e6ac None
• 0x40e6b0 None
• 0x40e6b4 None
• 0x40e6b8 None
• 0x40e6bc None
• 0x40e6c0 None
• 0x40e6c4 None
• 0x40e6c8 None
• 0x40e6cc None
• 0x40e6d0 None
• 0x40e6d4 None
• 0x40e6d8 None
• 0x40e6dc None
• 0x40e6e0 None
• 0x40e6e4 None
• 0x40e6e8 None
• 0x40e6ec None
• 0x40e6f0 None
• 0x40e6f4 None
• 0x40e6f8 None
• 0x40e6fc None
• 0x40e700 None
• 0x40e704 None
• 0x40e708 None
• 0x40e70c None
• 0x40e710 None
• 0x40e714 None
• 0x40e718 None
• 0x40e71c None
• 0x40e720 None
• 0x40e724 None
• 0x40e728 None
• 0x40e72c None
库: KERNEL32.dll:
• 0x40e010 GetModuleHandleW
• 0x40e014 GetProcAddress
• 0x40e018 GetCurrentProcess
• 0x40e01c LoadLibraryW
• 0x40e020 FreeLibrary
• 0x40e024 CreateProcessW
• 0x40e028 GetLastError
• 0x40e02c WaitForSingleObject
• 0x40e030 GetExitCodeProcess
• 0x40e034 SetFileAttributesW
• 0x40e038 DeleteFileW
• 0x40e03c SetThreadPriority
• 0x40e040 GetTickCount
• 0x40e044 CreateThread
• 0x40e048 ResumeThread
• 0x40e04c GetDriveTypeW
• 0x40e050 WritePrivateProfileStringW
• 0x40e054 InitializeCriticalSectionAndSpinCount
• 0x40e058 DeleteCriticalSection
• 0x40e05c ReadFile
• 0x40e060 WideCharToMultiByte
• 0x40e064 GlobalMemoryStatusEx
• 0x40e068 GetModuleFileNameW
• 0x40e06c GetLongPathNameW
• 0x40e070 SetCurrentDirectoryW
• 0x40e074 CreateMutexW
• 0x40e078 GetCurrentDirectoryW
• 0x40e07c lstrcatW
• 0x40e080 GetPrivateProfileIntW
• 0x40e084 GetPrivateProfileStringW
• 0x40e088 UnhandledExceptionFilter
• 0x40e08c SetUnhandledExceptionFilter
• 0x40e090 TerminateProcess
• 0x40e094 IsProcessorFeaturePresent
• 0x40e098 CreateEventW
• 0x40e09c QueryPerformanceCounter
• 0x40e0a0 GetCurrentProcessId
• 0x40e0a4 GetCurrentThreadId
• 0x40e0a8 GetSystemTimeAsFileTime
• 0x40e0ac InitializeSListHead
• 0x40e0b0 IsDebuggerPresent
• 0x40e0b4 GetStartupInfoW
• 0x40e0b8 CloseHandle
• 0x40e0bc OutputDebugStringW
• 0x40e0c0 MultiByteToWideChar
• 0x40e0c4 GetVolumeInformationW
• 0x40e0c8 CreateFileW
库: USER32.dll:
• 0x40e218 ClientToScreen
• 0x40e21c GetCursorPos
• 0x40e220 LoadIconW
• 0x40e224 SetTimer
• 0x40e228 AppendMenuW
• 0x40e22c IsIconic
• 0x40e230 GetSubMenu
• 0x40e234 DrawIcon
• 0x40e238 GetClientRect
• 0x40e23c SendMessageW
• 0x40e240 RedrawWindow
• 0x40e244 wsprintfW
• 0x40e248 EnableWindow
• 0x40e24c LoadMenuW
• 0x40e250 GetSystemMetrics
• 0x40e254 KillTimer
• 0x40e258 GetSystemMenu
• 0x40e25c MessageBoxW
库: GDI32.dll:
• 0x40e008 CreateFontW
库: SHELL32.dll:
• 0x40e1f8 SHGetPathFromIDListW
• 0x40e1fc ShellExecuteW
• 0x40e200 SHBrowseForFolderW
• 0x40e204 SHGetFolderPathW
库: COMCTL32.dll:
• 0x40e000 InitCommonControlsEx
库: ole32.dll:
• 0x40e734 CoTaskMemFree
库: MSVCP140.dll:
• 0x40e0f8 ?uncaught_exception@std@@YA_NXZ
• 0x40e108 ??Bid@locale@std@@QAEIXZ
• 0x40e110 ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
• 0x40e118 ?always_noconv@codecvt_base@std@@QBE_NXZ
• 0x40e128 ?_BADOFF@std@@3_JB
• 0x40e138 ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
• 0x40e140 ??0_Locinfo@std@@QAE@HPBD@Z
• 0x40e144 ??1_Lockit@std@@QAE@XZ
• 0x40e148 ??1_Locinfo@std@@QAE@XZ
• 0x40e150 ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
• 0x40e154 ?_Xruntime_error@std@@YAXPBD@Z
• 0x40e158 ?_Xlength_error@std@@YAXPBD@Z
• 0x40e15c ?_Xbad_alloc@std@@YAXXZ
• 0x40e160 ?_Xout_of_range@std@@YAXPBD@Z
• 0x40e164 ?widen@?$ctype@_W@std@@QBE_WD@Z
• 0x40e168 ?id@?$ctype@_W@std@@2V0locale@2@A
• 0x40e170 ?getloc@ios_base@std@@QBE?AVlocale@2@XZ
• 0x40e198 ??0_Lockit@std@@QAE@H@Z
• 0x40e1d4 ?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
库: XSec_FC.dll:
• 0x40e29c ??0CXSec_FC@@QAE@XZ
• 0x40e2a0 ?LoadVirusDB@CXSec_FC@@QAEHXZ
• 0x40e2a4 ?ClearVirusDB@CXSec_FC@@QAEHXZ
库: WINMM.dll:
• 0x40e290 timeGetTime
库: VCRUNTIME140.dll:
• 0x40e264 __std_terminate
• 0x40e268 memmove
• 0x40e26c __std_exception_copy
• 0x40e270 __std_exception_destroy
• 0x40e274 memset
• 0x40e278 __CxxFrameHandler3
• 0x40e27c __vcrt_InitializeCriticalSectionEx
• 0x40e280 _except_handler4_common
• 0x40e284 _CxxThrowException
• 0x40e288 memcpy
库: api-ms-win-crt-stdio-l1-1-0.dll:
• 0x40e344 _set_fmode
• 0x40e348 __stdio_common_vsprintf_s
• 0x40e34c fgetwc
• 0x40e350 fputwc
• 0x40e354 fputc
• 0x40e358 __stdio_common_vsnprintf_s
• 0x40e35c ungetc
• 0x40e360 fclose
• 0x40e364 _get_stream_buffer_pointers
• 0x40e368 fwrite
• 0x40e36c __p__commode
• 0x40e370 fgetpos
• 0x40e374 _fseeki64
• 0x40e378 fsetpos
• 0x40e37c setvbuf
• 0x40e380 fflush
• 0x40e384 ungetwc
• 0x40e388 fgetc
库: api-ms-win-crt-runtime-l1-1-0.dll:
• 0x40e2f0 _seh_filter_exe
• 0x40e2f4 _invalid_parameter_noinfo_noreturn
• 0x40e2f8 _controlfp_s
• 0x40e2fc terminate
• 0x40e300 _crt_atexit
• 0x40e304 _register_onexit_function
• 0x40e308 _initialize_onexit_table
• 0x40e30c _invalid_parameter_noinfo
• 0x40e310 _register_thread_local_exe_atexit_callback
• 0x40e314 _c_exit
• 0x40e318 _cexit
• 0x40e31c exit
• 0x40e320 _exit
• 0x40e324 _initterm_e
• 0x40e328 _initterm
• 0x40e32c _get_wide_winmain_command_line
• 0x40e330 _initialize_wide_environment
• 0x40e334 _configure_wide_argv
• 0x40e338 _set_app_type
• 0x40e33c _errno
库: api-ms-win-crt-environment-l1-1-0.dll:
• 0x40e2ac _wgetcwd
库: api-ms-win-crt-filesystem-l1-1-0.dll:
• 0x40e2b4 _unlock_file
• 0x40e2b8 _findclose
• 0x40e2bc _wfindfirst64i32
• 0x40e2c0 _waccess_s
• 0x40e2c4 _wfullpath
• 0x40e2c8 _wfindnext64i32
• 0x40e2cc _lock_file
库: api-ms-win-crt-math-l1-1-0.dll:
• 0x40e2e8 __setusermatherr
库: api-ms-win-crt-locale-l1-1-0.dll:
• 0x40e2e0 _configthreadlocale
.text
`.rdata
@.data
.gfids
@.tls
.rsrc
@.reloc
QSVWj
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown
Clean
bad cast
Unknown exception
bad locale name
invalid string position
string too long
IsWow64Process
RtlGetNtVersionNumbers
%lu.%lu.%lux%lu
COverviewDlg
CProtectionDlg
CScanDlg
log\guiscanlog.txt
Deleted File:
=======================================
Heuristic Engine:
Disabled
Enabled
Cloud Engine:
Resolve Threats:
Scan only
Ask user
Remove threats after scan finished
%02d:%02d:%02d
Elapsed Time: Less than 1 second
Elapsed Time:
Infected File:
Skipped File:
Total File:
vector<T> too long
CSettingsDlg
%lu%lu
1.1.2.0
\Visual Studio 2015\Projects\XSec_Antivirus\Release\XSecAntivirus_Main.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.gfids$y
.tls$
.tls$ZZZ
.rsrc$01
.rsrc$02
mfc140u.dll
CreateFileW
CloseHandle
ReadFile
GetModuleHandleW
GetProcAddress
GetCurrentProcess
LoadLibraryW
FreeLibrary
CreateProcessW
GetLastError
WaitForSingleObject
GetExitCodeProcess
SetFileAttributesW
DeleteFileW
SetThreadPriority
GetTickCount
CreateThread
ResumeThread
GetDriveTypeW
WritePrivateProfileStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetVolumeInformationW
GlobalMemoryStatusEx
GetModuleFileNameW
GetLongPathNameW
SetCurrentDirectoryW
CreateMutexW
GetCurrentDirectoryW
lstrcatW
GetPrivateProfileIntW
GetPrivateProfileStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
KERNEL32.dll
SendMessageW
EnableWindow
wsprintfW
RedrawWindow
GetClientRect
SetTimer
KillTimer
LoadMenuW
GetSubMenu
ClientToScreen
GetCursorPos
MessageBoxW
LoadIconW
GetSystemMenu
AppendMenuW
IsIconic
GetSystemMetrics
DrawIcon
USER32.dll
CreateFontW
GDI32.dll
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
SHELL32.dll
InitCommonControlsEx
COMCTL32.dll
PathIsDirectoryEmptyW
PathRemoveFileSpecW
SHLWAPI.dll
CoTaskMemFree
ole32.dll
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
??0_Lockit@std@@QAE@H@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?uncaught_exception@std@@YA_NXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
MSVCP140.dll
?FileCheck@CXSec_FC@@QAEHPB_WV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1111HHAAV23@@Z
??0CXSec_FC@@QAE@XZ
?LoadVirusDB@CXSec_FC@@QAEHXZ
?ClearVirusDB@CXSec_FC@@QAEHXZ
XSec_FC.dll
timeGetTime
WINMM.dll
__std_terminate
memmove
__std_exception_copy
__std_exception_destroy
memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
VCRUNTIME140.dll
fgetc
fgetwc
fputwc
ungetc
ungetwc
_errno
_invalid_parameter_noinfo_noreturn
_wgetcwd
_wfullpath
_waccess_s
wcscat_s
_wfindfirst64i32
_wfindnext64i32
_findclose
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
_invalid_parameter_noinfo
fwrite
_unlock_file
_lock_file
_get_stream_buffer_pointers
fclose
wcscpy_s
__stdio_common_vsnprintf_s
fputc
_time64
_ctime64_s
__stdio_common_vsprintf_s
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_controlfp_s
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
OutputDebugStringW
_CxxThrowException
memcpy
.?AVtype_info@@
.?AVCStatDir@@
.?AVCBrowseDir@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@
.?AVbad_cast@std@@
.?AVexception@std@@
.?AVCDialog@@
.?AVCDialogEx@@
.?AVCOverviewDlg@@
.?AVCFont@@
.?AVCBrush@@
.?AVCGdiObject@@
.PAVCException@@
.?AVCButton@@
.?AVCWnd@@
.?AVCCmdTarget@@
.?AVCObject@@
.?AVCProtectionDlg@@
.?AVCScanDlg@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVCMenu@@
.?AVCListCtrl@@
.?AVCSettingsDlg@@
.?AVCComboBox@@
.?AVCWinApp@@
.?AVCWinThread@@
.?AVCXSecAntivirus_MainApp@@
.?AVCAboutDlg@@
.?AVCXSecAntivirus_MainDlg@@
.?AVCTabCtrl@@
wwwwwwwwwwww
5kf#3~Q
log\guiscanlog.txt
eDelete
ntdll.dll
ukernel32.dll
Run a quick scan to find threats hidden in system critical area.
View scan log of X-Sec Antivirus.
Update X-Sec Antivirus to latest version.
Tahoma
http://www.xsecantivirus.com
http://bbs.xsecantivirus.com
http://www.xsecantivirus.com/support/vsub.aspx
Can not start X-Sec Updater! Error code: %d
X-Sec Antivirus
Reloading...
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\afxwin1.inl
Exception thrown in destructor
%Ts (%Ts:%d)
Action
Threat Name
File Path
00:00:00
Scan finished!
Choose a directory to scan
Deleted
Failed to delete
All selected threats have been processed!
You didn't select anything!
=%02d:%02d:%02d
/select,
Explorer.exe
Start Time:
Scan Type:
Scan Target:
Database Version:
Quick Scan
Full Scan
Custom Scan
Folder is not exist or don't have enough privilege!
Scan only
Ask user
Remove automatically
Very low
Normal
Very high
Cloud
AutoRemove
ScanPriority
Protection
XSec_GUI_Instance
X-Sec Antivirus is still running!
Can not create mutex!
Can not generate uuid!
Can not get OS version!
Can not reset current directory!
\config.ini
\cloudcfg.ini
\data\vdfversion.ini
\XSec_Updater.exe
Error
CloudQueryBaseURL
Version
0Can not get current directory!
Fail to parse config file!
Can not load database!
DB Version is corrupted!
Overview
Settings
X-Sec Antivirus is Updating!
Can not reload database!
AFX_DIALOG_LAYOUT
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 20.327 seconds )
- 12.219 Suricata
- 3.91 Static
- 1.932 VirusTotal
- 1.316 TargetInfo
- 0.501 peid
- 0.246 NetworkAnalysis
- 0.083 BehaviorAnalysis
- 0.05 AnalysisInfo
- 0.05 Debug
- 0.015 Strings
- 0.005 Memory
Signatures ( 0.357 seconds )
- 0.17 md_bad_drop
- 0.029 antiav_detectreg
- 0.022 md_url_bl
- 0.012 infostealer_ftp
- 0.012 md_domain_bl
- 0.009 antiav_detectfile
- 0.008 infostealer_im
- 0.008 ransomware_files
- 0.007 persistence_autorun
- 0.007 ransomware_extensions
- 0.006 antianalysis_detectreg
- 0.006 infostealer_bitcoin
- 0.005 infostealer_mail
- 0.004 antivm_vbox_files
- 0.004 disables_browser_warn
- 0.003 tinba_behavior
- 0.003 stealth_timeout
- 0.003 geodo_banking_trojan
- 0.002 rat_nanocore
- 0.002 api_spamming
- 0.002 betabot_behavior
- 0.002 decoy_document
- 0.002 cerber_behavior
- 0.002 antivm_parallels_keys
- 0.002 modify_proxy
- 0.002 browser_security
- 0.001 network_tor
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 ursnif_behavior
- 0.001 antianalysis_detectfile
- 0.001 antidbg_devices
- 0.001 antivm_generic_diskreg
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 darkcomet_regkeys
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 office_security
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hide_notifications
Reporting ( 1.328 seconds )
- 0.817 ReportHTMLSummary
- 0.511 Malheur
| Task ID | 122564 |
|---|---|
| Mongo ID | 5a3261862e06334c282689c5 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号